Exam Questions 350-401: Implementing and Operating Cisco Enterprise Network Core Technologies

Welcome to download the Newest 2passeasy 350-401 dumps
https://www.2passeasy.com/dumps/350-401/ (235 New Questions)
Exam Questions 350-401

Implementing and Operating Cisco Enterprise Network Core Technologies
https://www.2passeasy.com/dumps/350-401/
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 1
A network administrator is implementing a routing configuration change and enables routing debugs to track routing behavior during the change. The logging
output on the terminal is interrupting the command typing process. Which two actions can the network administrator take to minimize the possibility of typing
commands incorrectly? (Choose two.)
A. Configure the logging synchronous global configuration command

B. Configure the logging delimiter feature
C. Configure the logging synchronous command under the vty
D. Press the TAB key to reprint the command in a new line
E. increase the number of lines on the screen using the terminal length command
Answer: CD
NEW QUESTION 2
Which function in handled by vManage in the cisco SD-WAN fabric?
A. Establishes BFD sessions to test liveliness of links and nodes.

B. Distributes polices that govern data forwarding.
C. Performs remote software upgrades for WAN Edge vSmart and vBond.
D. Establishes iPsec tunnels with nodes
Answer: C
NEW QUESTION 3
A customer requests a network design that supports these requirements:
Which protocol does the design include?
A. HSRP version 2
B. VRRP version 2
C. GLBP
D. VRRP version 3
Answer: D
NEW QUESTION 4
A network engineer is configuring Flexible Netflow and enters these commands Sampler Netflow1
Mode random one-out-of 100 Interface fastethernet 1/0 Flow-sampler netflow1
Which are two results of implementing this feature instead of traditional Netflow? (Choose two.)
A. CPU and memory utilization are reduced.

B. Only the flows of top 100 talkers are exported
C. The data export flow is more secure.
D. The number of packets to be analyzed are reduced
E. The accuracy of the data to be analyzed is improved
Answer: AD
NEW QUESTION 5
Which devices does Cisco DNA Center configure when deploying an IP-based access control policy?
A. All devices integrating with ISE

B. selected individual devices
C. all devices in selected sites
D. all wired devices
Answer: A
Explanation:
When you click Deploy, Cisco DNA Center requests the Cisco Identity Services Engine (Cisco ISE) to send notifications about the policy changes to the network
devices.
NEW QUESTION 6
While configuring an IOS router for HSRP with a virtual IP of 10 1.1.1. an engineer sees this log message.
A. Change the HSRP group configuration on the remote router to 1.

B. Change the HSRP group configuration on the local router to 1.
C. Change the HSRP virtual address on the remote router to 10.1.1.1

D. Change the HSRP virtual address on the local router to 10.1.1.1
Answer: B
NEW QUESTION 7
How does EIGRP differ from OSPF?
A. EIGRP is more prone to routing loops than OSPF

B. EIGRP supports equal or unequal path cost, and OSPF supports only equal path cost.
C. EIGRP has a full map of the topology, and OSPF only knows directly connected neighbors
D. EIGRP uses more CPU and memory than OSPF
Answer: B
NEW QUESTION 8
Refer to the exhibit.
Which two commands are needed to allow for full reachability between AS 1000 and AS 2000? (Choose two)
A. R1#network 19.168.0.0 mask 255.255.0.0

B. R2#no network 10.0.0.0 255.255.255.0
C. R2#network 19.168.0.0 mask 255.255.0.0
D. R2#network 209.165.201.0 mask 255.255.192.0
E. R1#no network 10.0.0.0 255.255.255.0
Answer: BC
NEW QUESTION 9
Which algorithms are used to secure REST API from brute attacks and minimize the impact?
A. SHA-512 and SHA-384

B. MD5 algorithm-128 and SHA-384
C. SHA-1, SHA-256, and SHA-512
D. PBKDF2, BCrypt, and SCrypt
Answer: D
Explanation:
One of the best practices to secure REST APIs is using password hash. Passwords must always be hashed to protect the system (or minimize the damage) even
if it is compromised in some hacking attempts. There are many such hashing algorithms which can prove really effective for password security e.g. PBKDF2,
bcrypt and scrypt algorithms.
Other ways to secure REST APIs are: Always use HTTPS, Never expose information on URLs (Usernames, passwords, session tokens, and API keys should not
appear in the URL),
Adding Timestamp in Request, Using OAuth, Input Parameter Validation.
NEW QUESTION 10
An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
NEW QUESTION 10
Which configuration change will force BR2 to reach 209 165 201 0/27 via BR1?
A. Set the weight attribute to 65.535 on BR1 toward PE1.

B. Set the local preference to 150 on PE1 toward BR1 outbound
C. Set the MED to 1 on PE2 toward BR2 outbound.
D. Set the origin to igp on BR2 toward PE2 inbound.
Answer: C
NEW QUESTION 12
Which encryption hashing algorithm does NTP use for authentication?
A. SSL
B. MD5
C. AES128
D. AES256
Answer: D
NEW QUESTION 14

A network engineer configures NAT on R1 and enters me show command to verity the configuration What toes the output confirm?
A. The first pocket triggered NAT to add on entry to NAT table

B. R1 is configured with NAT overload parameters
C. A Telnet from 160.1.1 1 to 10.1.1.10 has been initiated.
D. R1 to configured with PAT overload parameters
Answer: A
NEW QUESTION 17
Drag and drop the threat defense solutions from the left onto their descriptions on the right.
A. Mastered
B. Not Mastered
Answer: A
Explanation:

NEW QUESTION 21
Which technology provides a secure communication channel for all traffic at Layer 2 of the OSI model?
A. MACsec
B. IPsec
C. SSL
D. Cisco Trustsec
Answer: A
Explanation:
MACsec, defined in 802.1AE, provides MAC-layer encryption over wired networks by using out-ofband methods for encryption keying. The MACsec Key
Agreement (MKA) Protocol provides the
NEW QUESTION 22
What occurs when a high bandwidth multicast stream is sent over an MVPN using Cisco hardware?
A. The traffic uses the default MDT to transmit the data only if it isa (S,G) multicast route entry
B. A data MDT is created to if it is a (*, G) multicast route entries
C. A data and default MDT are created to flood the multicast stream out of all PIM-SM neighbors.
D. A data MDT is created to allow for the best transmission through the core for (S, G) multicast route entries.
Answer: B
NEW QUESTION 26
The connecting between SW1 and SW2 is not operational. Which two actions resolve the issue? (Choose two)
A. configure switchport mode access on SW2

B. configure switchport nonegotiate on SW2
C. configure switchport mode trunk on SW2
D. configure switchport nonegotiate on SW1
E. configure switchport mode dynamic desirable on SW2
Answer: CE
NEW QUESTION 29
Which command set configures RSPAN to capture outgoing traffic from VLAN 3 on interface GigabitEthernet 0/3 while ignoring other VLAN traffic on the same
interface?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
NEW QUESTION 34
Which AP mode allows an engineer to scan configured channels for rogue access points?
A. sniffer
B. monitor
C. bridge
D. local
Answer: B
NEW QUESTION 35
A company plans to implement intent-based networking in its campus infrastructure. Which design facilities a migrate from a traditional campus design to a
programmer fabric designer?
A. Layer 2 access
B. three-tier
C. two-tier
D. routed access
Answer: C
NEW QUESTION 40
Which two methods are used to reduce the AP coverage area? (Choose two)
A. Reduce channel width from 40 MHz to 20 MHz

B. Disable 2.4 GHz and use only 5 GHz.
C. Reduce AP transmit power.
D. Increase minimum mandatory data rate
E. Enable Fastlane
Answer: CD
NEW QUESTION 44
An engineer configures a new HSRP group. While reviewing the HSRP status, the engineer sees the logging message generated on R2. Which is the cause of the
message?
A. The same virtual IP address has been configured for two HSRP groups
B. The HSRP configuration has caused a spanning-tree loop
C. The HSRP configuration has caused a routing loop
D. A PC is on the network using the IP address 10.10.1.1
Answer: A
NEW QUESTION 47

Which configuration establishes EBGP neighborship between these two directly connected neighbors and exchanges the loopback network of the two routers
through BGP?
A)
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Explanation:
With BGP, we must advertise the correct network and subnet mask in the “network” command (in this case network 10.1.1.0/24 on R1 and network 10.2.2.0/24 on
R2). BGP is very strict in the routing advertisements. In other words, BGP only advertises the network which exists exactly in the routing table. In this case, if you
put the command “network x.x.0.0 mask 255.255.0.0” or “network x.0.0.0 mask 255.0.0.0” or “network x.x.x.x mask 255.255.255.255” then BGP will not
advertise anything.
It is easy to establish eBGP neighborship via the direct link. But let’s see what are required when we want to establish eBGP neighborship via their loopback
interfaces. We will need two commands:
+ the command “neighbor 10.1.1.1 ebgp-multihop 2” on R1 and “neighbor 10.2.2.2 ebgpmultihop 2” on R1. This command increases the TTL value to 2 so that
BGP updates can reach the
BGP neighbor which is two hops away.
+ Answer ‘R1 (config) #router bgp 1
R1 (config-router) #neighbor 192.168.10.2 remote-as 2
R1 (config-router) #network 10.1.1.0 mask 255.255.255.0 R2 (config) #router bgp 2
R2 (config-router) #neighbor 192.168.10.1 remote-as 1
R2 (config-router) #network 10.2.2.0 mask 255.255.255.0 Quick Wireless Summary
Cisco Access Points (APs) can operate in one of two modes: autonomous or lightweight
+ Autonomous: self-sufficient and standalone. Used for small wireless networks.
+ Lightweight: A Cisco lightweight AP (LAP) has to join a Wireless LAN Controller (WLC) to function. LAP and WLC communicate with each other via a logical pair
of CAPWAP tunnels.

– Control and Provisioning for Wireless Access Point (CAPWAP) is an IETF standard for control messaging for setup, authentication and operations between APs
and WLCs. CAPWAP is similar to LWAPP except the following differences:
+CAPWAP uses Datagram Transport Layer Security (DTLS) for authentication and encryption to
protect traffic between APs and controllers. LWAPP uses AES.
+ CAPWAP has a dynamic maximum transmission unit (MTU) discovery mechanism.
+ CAPWAP runs on UDP ports 5246 (control messages) and 5247 (data messages) An LAP operates in one of six different modes:
+ Local mode (default mode): measures noise floor and interference, and scans for intrusion detection (IDS) events every 180 seconds on unused channels
+ FlexConnect, formerly known as Hybrid Remote Edge AP (H-REAP), mode: allows data traffic
to be switched locally and not go back to the controller. The FlexConnect AP can perform standalone client authentication and switch VLAN traffic locally even
when it’s disconnected to the WLC (Local Switched). FlexConnect AP can also tunnel (via CAPWAP) both user wireless data and control traffic to a centralized
WLC (Central Switched).
+ Monitor mode: does not handle data traffic between clients and the infrastructure. It acts like a sensor for location-based services (LBS), rogue AP detection, and
IDS
+ Rogue detector mode: monitor for rogue APs. It does not handle data at all.
+ Sniffer mode: run as a sniffer and captures and forwards all the packets on a particular channel to a remote machine where you can use protocol analysis tool
(Wireshark, Airopeek, etc) to review the packets and diagnose issues. Strictly used for troubleshooting purposes.
+ Bridge mode: bridge together the WLAN and the wired infrastructure together.
Mobility Express is the ability to use an access point (AP) as a controller instead of a real WLAN controller. But this solution is only suitable for small to midsize, or
multi-site branch locations where you might not want to invest in a dedicated WLC. A Mobility Express WLC can support up to 100 Aps
NEW QUESTION 48
What is the function of the LISP map resolver?
A. to send traffic to non-LISP sites when connected to a service provider that does not accept nonroutable ElDs as packet sources
B. to connect a site to the LISP-capable part of a core network publish the EID-to-RLOC mappings for the site, and respond to map-request messages
C. to decapsulate map-request messages from ITRs and forward the messages to the MS.
D. to advertise routable non-LISP traffic from one address family to LISP sites in a different address family
Answer: C
NEW QUESTION 51
A network engineer configures a new GRE tunnel and enters the show run command. What does the output verify?
A. The tunnel will be established and work as expected

B. The tunnel destination will be known via the tunnel interface
C. The tunnel keepalive is configured incorrectly because they must match on both sites
D. The default MTU of the tunnel interface is 1500 byte.
Answer: B
NEW QUESTION 56
Which benefit is offered by a cloud infrastructure deployment but is lacking in an on-premises deployment?
A. efficient scalability
B. virtualization
C. storage capacity
D. supported systems
Answer: A
NEW QUESTION 58

What is YANG used for?
A. scraping data via CLI

B. processing SNMP read-only polls
C. describing data models
D. providing a transport for network configuration data between client and server
Answer: C
NEW QUESTION 63
Which configuration allows Customer2 hosts to access the FTP server of Customer1 that has the IP address of 192.168.1.200?
A. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 globalip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 globalip route 192.168.1.0
255.255.255.0 VlanlOip route 172.16.1.0 255.255.255.0 Vlan20
B. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customer2ip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customerl
C. ip route vrf Customerl 172.16.1.0 255.255.255.0 172.16.1.1 Customerlip route vrf Customer 192.168.1.200 255.255.255.255 192.168.1.1 Customer2
D. ip route vrf Customerl 172.16.1.1 255.255.255.255 172.16.1.1 globalip route vrf Customer 192.168.1.200 255.255.255.0 192.168.1.1 globalip route 192.168.1.0
255.255.255.0 VlanlOip route 172.16.1.0 255.255.255.0 Vlan20
Answer: A
NEW QUESTION 66
AN engineer is implementing a route map to support redistribution within BGP. The route map must configured to permit all unmatched routes. Which action must
the engineer perform to complete this task?
A. Include a permit statement as the first entry

B. Include at least one explicit deny statement
C. Remove the implicit deny entry
D. Include a permit statement as the last entry
Answer: D
NEW QUESTION 71
AN engineer is implementing MPLS OAM to monitor traffic within the MPLS domain. Which action must the engineer perform to prevent from being forwarded
beyond the service provider domain when the LSP is down?
A. Disable IP redirects only on outbound interfaces

B. Implement the destination address for the LSP echo request packet in the 127.x.y.z/8 network
C. Disable IP redirects on all ingress interfaces
D. Configure a private IP address as the destination address of the headend router of Cisco MPLS TE.
Answer: C
NEW QUESTION 72

POSTMAN is showing an attempt to retrieve network device information from Cisco DNA Center API. What is the issue?
A. The URI string is incorrect

B. The token has expired.
C. Authentication has failed
D. The JSON payload contains the incorrect UUID
Answer: D
NEW QUESTION 76
Under which network conditions is an outbound QoS policy that is applied on a router WAN interface most beneficial?
A. under interface saturation condition

B. under network convergence condition
C. under all network condition
D. under traffic classification and marking conditions.
Answer: A
NEW QUESTION 81
A network engineer is adding an additional 10Gps link to an exiting 2x10Gps LACP-based LAG to augment its capacity. Network standards require a bundle
interface to be taken out of service if one of its member links goes down, and the new link must be added with minimal impact to the production network. Drag and
drop the tasks that the engineer must perform from the left into the sequence on the right. Not all options are used.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
A picture containing diagram Description automatically generated
NEW QUESTION 84

What is a consideration when designing a Cisco SD-Access underlay network?
A. End user subnets and endpoints are part of the underlay network.
B. The underlay switches provide endpoint physical connectivity for users.
C. Static routing is a requirement,
D. It must support IPv4 and IPv6 underlay networks
Answer: A
NEW QUESTION 89
What are two considerations when using SSO as a network redundancy feature? (Choose two)
A. both supervisors must be configured separately

B. the multicast state is preserved during switchover
C. must be combined with NSF to support uninterrupted Layer 2 operations
D. must be combined with NSF to support uninterrupted Layer 3 operations
E. requires synchronization between supervisors in order to guarantee continuous connectivity
Answer: DE
Explanation:
Text Description automatically generated
Cisco IOS Nonstop Forwarding(NSF) always runs with stateful switchover (SSO) and provides redundancy for Layer 3 traffic.
NEW QUESTION 92
If the noise floor is -90 dBm and wireless client is receiving a signal of -75 dBm, what is the SNR?
A. 15
B. 1.2
C. -165
D. .83
Answer: A
NEW QUESTION 94
Drag and drop the DHCP messages that are exchanged between a client and an AP into the order they are exchanged on the right.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Table Description automatically generated
There are four messages sent between the DHCP Client and DHCP Server: DHCPDISCOVER, DHCPO FFER, DHCPREQUEST and
DHCPACKNOWLEDGEMENT.
This process is often abbreviated as DORA (for Discover, Offer, Request, Acknowledgement).
NEW QUESTION 97
What is a characteristic of a next-generation firewall?
A. only required at the network perimeter

B. required in each layer of the network
C. filters traffic using Layer 3 and Layer 4 information only
D. provides intrusion prevention
Answer: D

NEW QUESTION 98
What is the output of this code?
A. username Cisco
B. get_credentials
C. username
D. CISCO
Answer: D
NEW QUESTION 103

Drag and drop the snippets onto the blanks within the code to construct a script that configures BGP according to the topology. Not all options are used, and some
options may be used twice.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Graphical user interface, text, application, email Description automatically generated
NEW QUESTION 104

Which method creates an EEM applet policy that is registered with EEM and runs on demand or manually?
A. event manager applet ondemand event registeraction 1.0 syslog priority critical msg 'This is a message from ondemand'
B. event manager applet ondemand event manualaction 1.0 syslog priority critical msg 'This is a message from ondemand'
C. event manager applet ondemand event noneaction 1.0 syslog priority critical msg 'This is a message from ondemand'
D. event manager applet ondemandaction 1.0 syslog priority critical msg 'This is a message from ondemand'
Answer: C
Explanation:
An EEM policy is an entity that defines an event and the actions to be taken when that event occurs. There are two types of EEM policies: an applet or a script. An
applet is a simple form of policy that is defined within the CLI configuration. answer 'event manager applet ondemand event register
action 1.0 syslog priority critical msg ‘This is a message from ondemand’
<="" p="" style="box-sizing: border-box;">
There are two ways to manually run an EEM policy. EEM usually schedules and runs policies on the basis of an event specification that is contained within the
policy itself. The event none command allows EEM to identify an EEM policy that can be manually triggered. To run the policy, use either the action policy
command in applet configuration mode or the event manager run command
in privileged EXEC mode.
NEW QUESTION 105

Which LISP component is required for a LISP site to communicate with a non-LISP site?
A. ETR
B. ITR
C. Proxy ETR
D. Proxy ITR
Answer: C
NEW QUESTION 109

What is a characteristic of MACsec?
A. 802.1AE provides encryption and authentication services

B. 802.1AE is bult between the host and switch using the MKA protocol, which negotiates encryption keys based on the master session key from a successful
802.1X session
C. 802.1AE is bult between the host and switch using the MKA protocol using keys generated via the Diffie-Hellman algorithm (anonymous encryption mode)
D. 802.1AE is negotiated using Cisco AnyConnect NAM and the SAP protocol
Answer: A
Explanation:
MACsec, defined in 802.1AE, provides MAC-layer encryption over wired networks by using out-of-band methods for encryption keying. The MACsec Key
Agreement (MKA) Protocol provides the required session keys and manages the required encryption keys. MKA and MACsec are implemented after successful
authentication using the 802.1x Extensible Authentication Protocol (EAP-TLS) or Pre Shared Key (PSK) framework.
NEW QUESTION 114

Which three elements determine Air Time efficiency? (Choose three)
A. evert-driven RRM
B. data rate (modulation density) or QAM
C. channel bandwidth
D. number of spatial streams and spatial reuse
E. RF group leader
F. dynamic channel assignment
Answer: ACE
NEW QUESTION 119

Running the script causes the output in the exhibit. Which change to the first line of the script resolves the error?
A. from ncclient import

B. import manager
C. from ncclient import*
D. import ncclient manager
Answer: A
NEW QUESTION 120

In cisco SD_WAN, which protocol is used to measure link quality?
A. OMP
B. BFD
C. RSVP
D. IPsec
Answer: B
NEW QUESTION 122

What is the function of cisco DNA center in a cisco SD-access deployment?

A. It is responsible for routing decisions inside the fabric

B. It is responsible for the design, management, deployment, provisioning and assurance of the fabric network devices.
C. It possesses information about all endpoints, nodes and external networks related to the fabric
D. It provides integration and automation for all nonfabric nodes and their fabric counterparts.
Answer: B
NEW QUESTION 126

Drag and drop the virtual components from the left onto their deceptions on the right.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 131

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Diagram Description automatically generated
NEW QUESTION 133


Which set of commands on router r R1 Allow deterministic translation of private hosts PC1, PC2, and PC3 to addresses in the public space?
A)
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
NEW QUESTION 134


Rapid PVST+ is enabled on all switches. Which command set must be configured on switch1 to achieve the following results on port fa0/1?
A)
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
NEW QUESTION 137

What is used to perform OoS packet classification?
A. the Options field in the Layer 3 header

B. the Type field in the Layer 2 frame
C. the Flags field in the Layer 3 header
D. the TOS field in the Layer 3 header
Answer: D
NEW QUESTION 140

An engineer is implementing a Cisco MPLS TE tunnel to improve the streaming experience for the clients of a video-on-demand server. Which action must the
engineer perform to configure extended discovery to support the MPLS LDP session between the headend and tailend routers?
A. Configure the interface bandwidth to handle TCP and UDP traffic between the LDP peers
B. Configure a Cisco MPLS TE tunnel on both ends of the session
C. Configure an access list on the interface to permit TCP and UDP traffic
D. Configure a targeted neighbor session.
Answer: B
NEW QUESTION 144

How is MSDP used to interconnect multiple PIM-SM domains?
A. MSDP depends on BGP or multiprotocol BGP for mterdomam operation

B. MSDP SA request messages are used to request a list of active sources for a specific group
C. SDP allows a rendezvous point to dynamically discover active sources outside of its domain
D. MSDP messages are used to advertise active sources in a domain

Answer: A
NEW QUESTION 146

Refer to the exhibit
How was spanning-tree configured on this interface?
A. By entering the command spanning-tree portfast trunk in the interface configuration mode.
B. By entering the command spanning-tree portfast in the interface configuration mode
C. By entering the command spanning-tree mst1 vlan 10,20,30,40 in the global configuration mode
D. By entering the command spanning-tree vlan 10,20,30,40 root primary in the interface configuration mode
Answer: A
NEW QUESTION 147

Which network devices secure API platform?
A. next-generation intrusion detection systems

B. Layer 3 transit network devices
C. content switches
D. web application firewalls
Answer: A
NEW QUESTION 151

Which line must be added in the Python function to return the JSON object {"cat_9k": “FXS193202SE")?
A)
B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
NEW QUESTION 155

Drag and drop the characteristics from the left onto the routing protocols they describe on the right.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 160

What is one difference between saltstack and ansible?
A. SaltStack uses an API proxy agent to program Cisco boxes on agent mode, whereas Ansible uses a Telnet connection
B. SaltStack uses the Ansible agent on the box, whereas Ansible uses a Telnet server on the box
C. SaltStack is constructed with minion, whereas Ansible is constructed with YAML
D. SaltStack uses SSH to interact with Cisco devices, whereas Ansible uses an event bus
Answer: A
NEW QUESTION 162

Router 1 is currently operating as the HSRP primary with a priority of 110 router1 fails and router2 take over the forwarding role. Which command on router1
causes it to take over the forwarding role when it return to service?
A. standby 2 priority
B. standby 2 preempt
C. standby 2 track
D. standby 2 timers
Answer: B
NEW QUESTION 163

Which JSON syntax is valid?
A)

B)
C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Explanation:
This JSON can be written as follows:
{
'switch': { 'name': 'dist1',
'interfaces': ['gig1', 'gig2', 'gig3']
}
}
NEW QUESTION 164

Refer the exhibit.
Which router is the designated router on the segment 192.168.0.0/24?
A. This segment has no designated router because it is a nonbroadcast network type.

B. This segment has no designated router because it is a p2p network type.
C. Router Chicago because it has a lower router ID
D. Router NewYork because it has a higher router ID
Answer: B
NEW QUESTION 169

An engineer attempts to configure a trunk between switch sw1 and switch SW2 using DTP, but the trunk does not form. Which command should the engineer
apply to switch SW2 to resolve this issue?

A. switchport mode dynamic desirable

B. switchport nonegotiate
C. no switchport
D. switchport mode access
Answer: A
NEW QUESTION 173

Which device makes the decision for a wireless client to roam?
A. wireless client
B. wireless LAN controller
C. access point
D. WCS location server
Answer: A
NEW QUESTION 175

An engineer measures the Wi-Fi coverage at a customer site. The RSSI values are recorded as follows:
Which two statements does the engineer use to explain these values to the customer? (Choose two)
A. The signal strength at location C is too weak to support web surfing

B. Location D has the strongest RF signal strength
C. The RF signal strength at location B is 50% weaker than location A
D. The signal strength at location B is 10 dB better than location C
E. The RF signal strength at location C is 10 times stronger than location B
Answer: BE
NEW QUESTION 179

Which TCP setting is tuned to minimize the risk of fragmentation on a GRE/IP tunnel?
A. MTU
B. Window size
C. MRU
D. MSS
Answer: D
Explanation:
The TCP Maximum Segment Size (TCP MSS) defines the maximum amount of data that a host
is willing to accept in a single TCP/IP datagram. This TCP/IP datagram might be fragmented at the IP layer. The MSS value is sent as a TCP header option only in
TCP SYN segments. Each side of a TCP connection reports its MSS value to the other side. Contrary to popular belief, the MSS value is not negotiated between
hosts. The sending host is required to limit the size of data in a single TCP segment to a value less than or equal to the MSS reported by the receiving host.
TCP MSS takes care of fragmentation at the two endpoints of a TCP connection, but it does not handle the case where there is a smaller MTU link in the middle
between these two endpoints. PMTUD was developed in order to avoid fragmentation in the path between the endpoints. It is
NEW QUESTION 182

Which command must be applied to R2 for an OSPF neighborship to form?

A. network 20.1.1.2.0.0.0.0 area 0

B. network 20.1.1.2 255.255.0.0. area 0
C. network 20.1.1.2.0.0.255.255 area 0
D. network 20.1.1.2 255.255.255 area 0
Answer: A
Explanation:
The network 20.0.0.0 0.0.0.255 area 0 command on R2 did not cover the IP address of Fa1/1 interface of R2 so OSPF did not run on this interface. Therefore we
have to use the command network 20.1.1.2 0.0.255.255 area 0 to turn on OSPF on this interface.
Note: The command network 20.1.1.2 0.0.255.255 area 0 can be used too so this answer is also correct but answer C is the best answer here.
The network 0.0.0.0 255.255.255.255 area 0 command on R1 will run OSPF on all active
NEW QUESTION 187

An engineer is working with the Cisco DNA Center API Drag and drop the methods from the left onto the actions that they are used for on the right.
A. Mastered
B. Not Mastered
Answer: A
Explanation:

NEW QUESTION 190

A network engineer configures a GRE tunnel and enters the show Interface tunnel command. What does the output confirm about the configuration?
A. The keepalive value is modified from the default value.

B. Interface tracking is configured.
C. The tunnel mode is set to the default.
D. The physical interface MTU is 1476 bytes.
Answer: C
NEW QUESTION 194

A network engineer must configure a router to send logging messages to a syslog server based on these requirements:
uses syslog IP address: 10.10.10.1
uses a reliable protocol
must not use any well-known TCP/UDP ports
Which configuration must be used?
A. logging host 10.10.10.1 transport tcp port 1024

B. logging origin-id 10.10.10.1
C. logging host 10.10.10.1 transport udp port 1023
D. logging host 10.10.10.1 transport udp port 1024
Answer: A
NEW QUESTION 195

Which two mechanisms are available to secure NTP? (Choose two.)
A. IP prefix list-based
B. IPsec
C. TACACS-based authentication
D. IP access list-based
E. Encrypted authentication
Answer: DE
NEW QUESTION 196


Router BRDR-1 is configured to receive the 0.0.0.0/0 and 172.17.1.0/24 network via BGP and advertise them into OSPF are 0. An engineer has noticed that the
OSPF domain is receiving only the 172.17.1.0/24 route and default route 0.0.0.0/0 is still missing. Which configurating must engineer apply to resolve the problem?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: D
NEW QUESTION 198

What are two effects of this configuration? (Choose two.)
A. R1 becomes the active router.

B. R1 becomes the standby router.
C. If R2 goes down, R1 becomes active but reverts to standby when R2 comes back online.
D. If R1 goes dow
E. R2 becomes active and remains the active device when R1 comes back online.
F. If R1 goes down, R2 becomes active but reverts to standby when R1 comes back online.
Answer: AD
NEW QUESTION 202

In an SD-WAN deployment, which action in the vSmart controller responsible for?
A. handle, maintain, and gather configuration and status for nodes within the SD-WAN fabric
B. distribute policies that govern data forwarding performed within the SD-WAN fabric
C. gather telemetry data from vEdge routers
D. onboard vEdge nodes into the SD-WAN fabric
Answer: B
NEW QUESTION 207

Which component of the Cisco Cyber Threat Defense solution provides user and flow context analysis?
A. Cisco Firepower and FireSIGHT

B. Cisco Stealth watch system
C. Advanced Malware Protection
D. Cisco Web Security Appliance
Answer: B
NEW QUESTION 209

A network administrator applies the following configuration to an IOS device.
What is the process of password checks when a login attempt is made to the device?
A. A TACACS+server is checked firs

B. If that check fail, a database is checked?
C. A TACACS+server is checked firs
D. If that check fail, a RADIUS server is checke
E. If that check fai
F. a local database is checked.
G. A local database is checked firs
H. If that fails, a TACACS+server is checked, if that check fails, a RADUIS server is checked.
I. A local database is checked firs
J. If that check fails, a TACACS+server is checked.
Answer: D
NEW QUESTION 213

A network operator is attempting to configure an IS-IS adjacency between two routers, but the adjacency cannot be established. To troubleshoot the problem, the
operator collects this debugging output. Which interfaces are misconfigured on these routers?
A. The peer router interface is configured as Level 1 only, and the R2 interface is configured as Level 2 only
B. The R2 interface is configured as Level 1 only, and the Peer router interface is configured as Level 2 only
C. The R2 interface is configured as point-to-point, and the peer router interface is configured as multipoint.
D. The peer router interface is configured as point-as-point, and the R2 interface is configured as multipoint.
Answer: C
NEW QUESTION 218

An engineer must ensure that all traffic leaving AS 200 will choose Link 2 as an entry point. Assuming that all BGP neighbor relationships have been formed and
that the attributes have not been changed on any of the routers, which configuration accomplish task?

A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Explanation:
R3 advertises BGP updates to R1 with multiple AS 100 so R3 believes the path to reach AS 200 via R3 is farther than R2 so R3 will choose R2 to forward traffic to
AS 200.
NEW QUESTION 221

A network is being migrated from IPV4 to IPV6 using a dual-stack approach. Network management is already 100% IPV6 enabled. In a dual-stack network with
two dual-stack NetFlow collections, how many flow exporters are needed per network device in the flexible NetFlow configuration?
A. 1
B. 2
C. 4
D. 8
Answer: B
NEW QUESTION 222

What is the recommended MTU size for a Cisco SD-Access Fabric?
A. 1500
B. 9100
C. 4464
D. 17914
Answer: B
NEW QUESTION 223

What is the effect of this configuration?
A. When users attempt to connect to vty lines 0 through 4, the device will authenticate them against TACACS+ if local authentication fails
B. The device will authenticate all users connecting to vty lines 0 through 4 against TACACS+
C. The device will allow users at 192.168.0.202 to connect to vty lines 0 through 4 using the password ciscotestkey
D. The device will allow only users at 192.166.0.202 to connect to vty lines 0 through 4
Answer: B

NEW QUESTION 228

Where is radio resource management performed in a cisco SD-access wireless solution?
A. DNA Center
B. control plane node
C. wireless controller
D. Cisco CMX
Answer: C
Explanation:
Fabric wireless controllers manage and control the fabric-mode APs using the same general model as the traditional local-mode controllers which offers the same
operational advantages such as mobility control and radio resource management. A significant difference is that client traffic from wireless endpoints is not
tunnelled from the APs to the wireless controller. Instead, communication from wireless clients is encapsulated in VXLAN by the fabric APs which build a tunnel to
their first-hop fabric edge node. Wireless traffic it tunneled to the edge nodes as the edge nodes provide fabric services such as the Layer 3 Anycast Gateway,
policy, and traffic enforcement. https://www.cisco.com/c/en/us/td/docs/solutions/CVD/Campus/cisco-sda-design-guide.html
NEW QUESTION 233

Which troubleshooting a routing issue, an engineer issues a ping from S1 to S2. When two actions from the initial value of the TTL? (Choose two.)
A. The packet reaches R3, and the TTL expires

B. R2 replies with a TTL exceeded message
C. R3 replies with a TTL exceeded message.
D. The packet reaches R2 and the TTL expires
E. R1 replies with a TTL exceeded message
F. The packet reaches R1 and the TTL expires.
Answer: AC
NEW QUESTION 236

which features does Cisco EDR use to provide threat detection and response protection?
A. containment, threat intelligence, and machine learning

B. firewalling and intrusion prevention
C. container-based agents
D. cloud analysis and endpoint firewall controls
Answer: A
NEW QUESTION 237

An engineer configures monitoring on SW1 and enters the show command to verify operation. What does the output confirm?
A. SPAN session 1 monitors activity on VLAN 50 of a remote switch

B. SPAN session 2 only monitors egress traffic exiting port FastEthernet 0/14.

C. SPAN session 2 monitors all traffic entering and exiting port FastEthernet 0/15.
D. RSPAN session 1 is incompletely configured for monitoring
Answer: D
Explanation:
SW1 has been configured with the following commands:
SW1(config)#monitor session 1 source remote vlan 50 SW1(config)#monitor session 2 source interface fa0/14 SW1(config)#monitor session 2 destination
interface fa0/15
The session 1 on SW1 was configured for Remote SPAN (RSPAN) while session 2 was configured for local SPAN. For RSPAN we need to configure the
destination port to complete the configuration.
Note: In fact we cannot create such a session like session 1 because if we only configure Source RSPAN VLAN 50 (with the command monitor session 1 source
remote vlan 50) then we will receive a Type: Remote Source Session (not Remote Destination Session).
NEW QUESTION 241

What is the centralized control policy in a Cisco SD-WAN deployment?
A. list of ordered statements that define user access policies

B. set of statements that defines how routing is performed
C. set of rules that governs nodes authentication within the cloud
D. list of enabled services for all nodes within the cloud
Answer: B
NEW QUESTION 246

What is the effect of these commands on the BR and HQ tunnel interfaces?
A. The tunnel line protocol goes down when the keepalive counter reaches 6
B. The keepalives are sent every 5 seconds and 3 retries
C. The keepalives are sent every 3 seconds and 5 retries
D. The tunnel line protocol goes down when the keepalive counter reaches 5
Answer: B
NEW QUESTION 249

Wireless users report frequent disconnections from the wireless network. While troubleshooting a network engineer finds that after the user a disconnect, the
connection re-establishes automatically without any input required. The engineer also notices these message logs .
Which action reduces the user impact?
A. increase the AP heartbeat timeout

B. increase BandSelect
C. enable coverage hole detection
D. increase the dynamic channel assignment interval
Answer: D
Explanation:
These message logs inform that the radio channel has been reset (and the AP must be down briefly). With dynamic channel assignment (DCA), the radios can
frequently switch from one channel to another but it also makes disruption. The default DCA interval is 10 minutes, which is matched with the time of the message
logs. By increasing the DCA interval, we can reduce the number of times our users are disconnected for changing radio channels.
NEW QUESTION 254

At which Layer does Cisco DNA Center support REST controls?

A. EEM applets or scripts

B. Session layer
C. YMAL output from responses to API calls
D. Northbound APIs
Answer: D
NEW QUESTION 258

An engineer is investigating why guest users are able to access other guest user devices when the users are connected to the customer guest WLAN. What action
resolves this issue?
A. implement MFP client protection

B. implement split tunneling
C. implement P2P blocking
D. implement Wi-Fi direct policy
Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/configurationguide
NEW QUESTION 259

A network engineer configures BGP between R1 and R2. Both routers use BGP peer group CORP and are set up to use MD5 authentication. This message is
logged to the console of router R1:
Which two configuration allow peering session to from between R1 and R2? Choose two.)
A)
B)
C)
D)
E)

A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: BE
NEW QUESTION 262

Drag and drop the wireless elements on the left to their definitions on the right.
A. Mastered
B. Not Mastered
Answer: A
Explanation:
Chart, line chart Description automatically generated
NEW QUESTION 264

Which configuration restricts the amount of SSH that a router accepts 100 kbps?
A)
B)
C)
D)

A. Option A
B. Option B
C. Option C
D. Option D
Answer: C
Explanation:
CoPP protects the route processor on network devices by treating route processor resources as a separate entity with its own ingress interface (and in some
implementations, egress also). CoPP is used to police traffic that is destined to the route processor of the router such as:
+ routing protocols like OSPF, EIGRP, or BGP.
+ Gateway redundancy protocols like HSRP, VRRP, or GLBP.
+ Network management protocols like telnet, SSH, SNMP, or RADIUS.
Therefore we must apply the CoPP to deal with SSH because it is in the management plane. CoPP must be put under “control-plane” command.
NEW QUESTION 269

Based on the configuration in this WLAN security setting, Which method can a client use to authenticate to the network?
A. text string
B. username and password
C. certificate
D. RADIUS token
Answer: A

NEW QUESTION 273

How cloud deployments differ from on-prem deployments?
A. Cloud deployments require longer implementation times than on-premises deployments

B. Cloud deployments are more customizable than on-premises deployments.
C. Cloud deployments require less frequent upgrades than on-premises deployments.
D. Cloud deployments have lower upfront costs than on-premises deployments.
Answer: B
NEW QUESTION 275

How are the different versions of IGMP compatible?
A. IGMPv2 is compatible only with IGMPv1.

B. IGMPv2 is compatible only with IGMPv2.
C. IGMPv3 is compatible only with IGMPv3.
D. IGMPv3 is compatible only with IGMPv1
Answer: A
NEW QUESTION 276

Which two operational models enable an AP to scan one or more wireless channels for rouge access points and at the same time provide wireless services to
clients? (Choose two.)
A. Rouge detector
B. Sniffer
C. FlexConnect
D. Local
E. Monitor
Answer: DE
NEW QUESTION 280

What is a characteristic of a virtual machine?
A. It must be aware of other virtual machines, in order to allocate physical resources for them
B. It is deployable without a hypervisor to host it
C. It must run the same operating system as its host
D. It relies on hypervisors to allocate computing resources for it
Answer: D
NEW QUESTION 281

When configuration WPA2 Enterprise on a WLAN, which additional security component configuration is required?
A. NTP server
B. PKI server
C. RADIUS server
D. TACACS server
Answer: C
NEW QUESTION 284

Drag and drop the characteristics from the left onto the protocols they apply to on the right?
A. Mastered
B. Not Mastered
Answer: A

Explanation:
Diagram Description automatically generated
NEW QUESTION 285

What does the snippet of code achieve?
A. It creates a temporary connection to a Cisco Nexus device and retrieves a token to be used for API calls.
B. It opens a tunnel and encapsulates the login information, if the host key is correct.
C. It opens an ncclient connection to a Cisco Nexus device and maintains it for the duration of the context.
D. It creates an SSH connection using the SSH key that is stored, and the password is ignored.
Answer: C
Explanation:
ncclient is a Python library that facilitates client-side scripting and application development around the NETCONF protocol.
The above Python snippet uses the ncclient to connect and establish a NETCONF session to a Nexus device (which is also a NETCONF server).
NEW QUESTION 286

The login method is configured on the VTY lines of a router with these parameters.
The first method for authentication is TACACS
If TACACS is unavailable, login is allowed without any provided credentials
Which configuration accomplishes this task?
A. R1#sh run | include aaa aaa new-modelaaa authentication login VTY group tacacs+ none aaa session-id commonR1#sh run | section vty line vty 0 4password 7
0202039485748R1#sh run | include username R1#
B. R1#sh run | include aaa aaa new-modelaaa authentication login telnet group tacacs+ none aaa session-id commonR1#sh run | section vty line vty 0 4R1#sh run
| include username R1#
C. R1#sh run | include aaa aaa new-modelaaa authentication login default group tacacs+ none aaa session-id commonR1#sh run | section vty line vty 0
4password 7 0202039485748
D. R1#sh run | include aaa aaa new-modelaaa authentication login default group tacacs+ aaa session-id commonR1#sh run | section vty line vty 0 4transport input
none R1#
Answer: C
Explanation:
According to the requirements (first use TACACS+, then allow login with no authentication), we have to use “aaa authentication login … group tacacs+ none” for
AAA command.
The next thing to check is the if the “aaa authentication login default” or “aaa authentication login list-name” is used. The ‘default’ keyword means we want to
apply for all login connections
(such as tty, vty, console and aux). If we use this keyword, we don’t need to configure anything else under tty, vty and aux lines. If we don’t use this keyword then
we have to specify which line(s) we want to apply the authentication feature.
From above information, we can find out answer 'R1#sh run | include aaa aaa new-model
aaa authentication login default group tacacs+ none aaa session-id common
R1#sh run | section vty line vty 0 4
password 7 0202039485748
If you want to learn more about AAA configuration, please read our AAA TACACS+ and RADIUS Tutorial – Part 2.
For your information, answer 'R1#sh run | include aaa aaa new-model
aaa authentication login telnet group tacacs+ none aaa session-id common
R1#sh run | section vty line vty 0 4
R1#sh run | include username
R1#' would be correct if we add the following command under vty line (“line vty 0 4”): “login
authentication telnet” (“telnet” is the name of the AAA list above)
NEW QUESTION 291

What is a fact about Cisco EAP-FAST?
A. It does not require a RADIUS server certificate.

B. It requires a client certificate.
C. It is an IETF standard.
D. It operates in transparent mode.
Answer: A
NEW QUESTION 293


The IP SLA is configured in a router. An engineer must configure an EEM applet to shut down the interface and bring it back up when there is a problem with the
IP SLA. Which configuration should the engineer use?
A. event manager applet EEM_IP_SLA event track 10 state down

B. event manager applet EEM_IP_SLA event track 10 state unreachable
C. event manager applet EEM_IP_SLA event sla 10 state unreachable
D. event manager applet EEM_IP_SLA event sla 10 state down
Answer: A
Explanation:
The ip sla 10 will ping the IP 192.168.10.20 every 3 seconds to make sure the connection is still up. We can configure an EEM applet if there is any problem with
this IP SLA via the command event track 10 state down.
NEW QUESTION 296

Drag and drop the Qos mechanisms from the left to the correct descriptions on the right
A. Mastered
B. Not Mastered
Answer: A
Explanation:
A picture containing diagram Description automatically generated
NEW QUESTION 301

Which protocol is used to encrypt control plane traffic between SD-WAN controllers and SD-WAN endpoints?
A. DTLS
B. IPsec
C. PGP
D. HTTPS
Answer: A
NEW QUESTION 304

How is 802.11 traffic handled in a fabric-enabled SSID?
A. centrally switched back to WLC where the user traffic is mapped to a VXLAN on the WLC
B. converted by the AP into 802.3 and encapsulated into VXLAN
C. centrally switched back to WLC where the user traffic is mapped to a VLAN on the WLC
D. converted by the AP into 802.3 and encapsulated into a VLAN
Answer: B
NEW QUESTION 307

Drag and drop the characteristics from the left onto the appropriate infrastructure deployment types on the right.

A. Mastered
B. Not Mastered
Answer: A
Explanation:
NEW QUESTION 308

A company has an existing Cisco 5520 HA cluster using SSO. An engineer deploys a new single Cisco Catalyst 9800 WLC to test new features. The engineer
successfully configures a mobility tunnel between the 5520 cluster and 9800 WLC. Client connected to the corporate WLAN roam seamlessly between access
points on the 5520 and 9800 WLC. After a failure on the primary 5520 WLC, all WLAN services remain functional; however, Client roam between the 5520 and
9800 controllers without dropping their connection. Which feature must be configured to remedy the issue?
A. mobility MAC on the 5520 cluster

B. mobility MAC on the 9800 WLC
C. new mobility on the 5520 cluster
D. new mobility on the 9800 WLC
Answer: B
NEW QUESTION 312

Which outbound access list, applied to the WAN interface of a router, permits all traffic except for http traffic sourced from the workstation with IP address
10.10.10.1?
A)
B)

C)
D)
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
NEW QUESTION 317

Which technology is used as the basis for the cisco sd-access data plane?
A. IPsec
B. LISP
C. VXLAN
D. 802.1Q
Answer: C
NEW QUESTION 321

Refer to the exhibit
Which single security feature is recommended to provide Network Access Control m the enterprise?
A. MAB
B. 802.1X
C. WebAuth
D. port security sticky MAC
Answer: B
NEW QUESTION 325

Which two threats does AMP4E have the ability to block? (Choose two.)
A. DDoS
B. ransomware
C. Microsoft Word macro attack
D. SQL injection
E. email phishing
Answer: BE
NEW QUESTION 329

Which characteristic distinguishes Ansible from Chef?
A. Ansible lacs redundancy support for the master serve

B. Chef runs two masters in an active/active mode.
C. Ansible uses Ruby to manage configuration

D. Chef uses YAML to manage configurations.

E. Ansible pushes the configuration to the clien
F. Chef client pulls the configuration from the server.
G. The Ansible server can run on Linux, Unix or Window
H. The Chef server must run on Linux or Unix.
Answer: C
NEW QUESTION 334

What is a benefit of data modeling languages like YANG?
A. They enable programmers to change or write their own application within the device operating system.
B. They create more secure and efficient SNMP OIDs.
C. They make the CLI simpler and more efficient.
D. They provide a standardized data structure, which results in configuration scalability and consistency.
Answer: D
Explanation:
Yet Another Next Generation (YANG) is a language which is only used to describe data models (structure). It is not XML or JSON.
NEW QUESTION 335

......

THANKS FOR TRYING THE DEMO OF OUR PRODUCT
Visit Our Site to Purchase the Full Set of Actual 350-401 Exam Questions With Answers.
We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
350-401 Product From:
https://www.2passeasy.com/dumps/350-401/
Money Back Guarantee
350-401 Practice Exam Features:
* 350-401 Questions and Answers Updated Frequently
* 350-401 Practice Questions Verified by Expert Senior Certified Staff
* 350-401 Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* 350-401 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Powered by TCPDF (www.tcpdf.org)

Exam Questions 350-401: Implementing and Operating Cisco Enterprise Network Core Technologies

Uploaded by

Copyright:

Available Formats

Exam Questions 350-401: Implementing and Operating Cisco Enterprise Network Core Technologies

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Exam Questions 350-401: Implementing and Operating Cisco Enterprise Network Core Technologies

Uploaded by

Copyright:

Available Formats

Welcome to download the Newest 2passeasy 350-401 dumps

https://www.2passeasy.com/dumps/350-401/ (235 New Questions)

Exam Questions 350-401

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Configure the logging synchronous global configuration command

A. Establishes BFD sessions to test liveliness of links and nodes.

Which protocol does the design include?

A. CPU and memory utilization are reduced.

A. All devices integrating with ISE

A. Change the HSRP group configuration on the remote router to 1.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

D. Change the HSRP virtual address on the local router to 10.1.1.1

A. EIGRP is more prone to routing loops than OSPF

A. R1#network 19.168.0.0 mask 255.255.0.0

A. SHA-512 and SHA-384

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Set the weight attribute to 65.535 on BR1 toward PE1.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. The first pocket triggered NAT to add on entry to NAT table

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. configure switchport mode access on SW2

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Reduce channel width from 40 MHz to 20 MHz

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. The tunnel will be established and work as expected

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

What is YANG used for?

A. scraping data via CLI

A. Include a permit statement as the first entry

A. Disable IP redirects only on outbound interfaces

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. The URI string is incorrect

A. under interface saturation condition

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

What is a consideration when designing a Cisco SD-Access underlay network?

A. both supervisors must be configured separately

A. only required at the network perimeter

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 103

NEW QUESTION 104

NEW QUESTION 105

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 109

A. 802.1AE provides encryption and authentication services

NEW QUESTION 114

NEW QUESTION 119

A. from ncclient import

NEW QUESTION 120

NEW QUESTION 122

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. It is responsible for routing decisions inside the fabric

NEW QUESTION 126

NEW QUESTION 131

NEW QUESTION 133

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 134

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com